Join us on May 15 for a live demo of how Burp Suite DAST solves real-world security challenges.            Register Now
Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Lab: SQL injection vulnerability allowing login bypass

APPRENTICE

This lab contains a SQL injection vulnerability in the login function.

To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.

ACCESS THE LAB

Solution

  1. Use Burp Suite to intercept and modify the login request.
  2. Modify the username parameter, giving it the value: administrator'--

Community solutions
Rana Khalil
z3nsh3ll
Michael Sommer

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here

Try Burp Suite for Free

Find SQL injection vulnerabilities using Burp Suite

Try for free